Examining an image

You can either copy the image to a hard drive, or mount it in Linux and examine it. To mount an image of an entire drive, first examine the partitions using fdisk:

$ sudo fdisk -u -l /media/2Big/hd.img

In this example, hd.img is an image file created earlier on a USB drive named 2Big.

You should see something similar to this:

Disk /dev/sdc: 250.0 GB, 250059350016 bytes
255 heads, 63 sectors/track, 30401 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x0004034f

Device Boot Start End Blocks Id System

Imaging a drive

It is very important when investigating a security incident to work with a copy of the hard drive, and not the original. It is equally important to work with an unaltered copy of the drive. All that is needed is a place to store the image, a USB or system drive, and a working Linux setup. This can be an Ubuntu live CD.

First, you must see where your drives are:

$ sudo fdisk -l

Disk /dev/sda: 250.0 GB, 250059350016 bytes
255 heads, 63 sectors/track, 30401 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x0008558e

GroupWise 8 and Java time zone problem

The GroupWise 8 client runs great under Ubuntu, but there is a slight problem with the time zone. Because the GroupWise client is a Java-based client, a slight adjustment may need to be made.

Java, for some reason, expects a symbolic link at /etc/localtime. When the link is missing, Java usually defaults to the wrong time zone. This caused issues such as the calendar in GroupWise being off.

To fix this:

sudo cp /etc/localtime /etc/localtime.bak

SQL Server using Linux: SQuirreL SQL Client

A big part of my job is using SQL Server, and having the necessary tools to interface with SQL Server is a must. One of the only tools I have found for using SQL Server on the Linux platform is SQuirreL SQL Client.

BFD, iptables, updated rules, and pure-ftpd

I had to set up and secure the new server I am using for my business over the last week. In doing so, I set up BFD to protect the server from automated attacks. It's important to have some sort of automated system to block "brute force," or automated, attacks.

Script kiddies (no..not hackers) like to use tools they didn't write with shiny GUIs to try and guess the user name and password of an account on the system. They do this by running programs that guess different passwords for a user name rapidly.

GroupWise 8 and Linux

Installing the GroupWise 8 client on 64-bit Ubuntu Linux works great using these instructions. Did I mention that the GroupWise 8 Linux client has Notify built in... and it works? =)

Restarting the sound system in Ubuntu

There is a really annoying bug that crops up sometimes in which you will get an error message similar to "xine was unable to initialize any audio drivers" or in KDE 4.2 "The audio playback device HDA Intel (AD198x Analog) does not work. Falling back to ."

To fix this, I would normally reboot, but I found a page that specified how to restart the sound system. The instructions, unfortunately, did not work for me, and I could not post a follow-up.

First run:

$ lsof | grep pcm

Akonadi server process not registered at D-Bus

If you're using Kubuntu with KDE 4.2 and keep getting an error when akonadi starts up, which lists "Akonadi server process not registered at D-Bus" as the first error, try the following:

$ sudo aa-complain mysqld-akonadi
$ sudo /etc/init.d/apparmor reload

Kubuntu uses AppArmor to block certain actions on the system. The new Akonadi system KDE uses attempts one of these actions. The commands above simply tell AppArmor to log the action rather than block it.

Then, use:

$ akonadictl stop

to stop the service, then

$ akonadictl start

KDE 4.2 so far

KDE 4.2 was released for Kubuntu on the 27th of January, 2009. This was a big deal because the 4.0 release, typically the "ready" release, was not so ready, and a bunch of nerdy types were not very happy about it. Being a software developer, I understand that a complete rewrite, as 4.0 was, will have its problems.

I use Kubuntu at work 10 hours a day, 4 days a week, as well as at home, and I took the brave step of upgrading in a production environment, after testing at home first on a similar configuration.

You can now watch the inauguration using Linux and Silverlight

You can now use the Firefox plugin at and the link at to stream the inauguration. This plugin was created in part by Microsoft engineers volunteering for the Mono project.

